Router - Class of Restrictions

I have analyzed most of the requirements in the workbooks and found that the whole setup for the router's Class of Restrictions can be simplified significantly.

What is usually suggested? Create very granular "partitions" and "cor lists", then assign them to each phone and each dial-peer, etc. Something like:

! one "partition" name per call class
dial-peer cor custom
   name pt-911
   name pt-loc
   name pt-ld
   name pt-intl
dial-peer cor list css-911
   member pt-911
dial-peer cor list css-loc
   member pt-loc
...
dial-peer cor list css-911-loc
   member pt-911
   member pt-loc
! outbound cor-list ("lock") on the dial-peer
dial-peer voice 911 pots
   destination-pattern 911
   corlist outgoing css-911
! inbound cor-list ("key") on the phone
ephone-dn 1
   number 4001
   cor incoming css-911-loc
...etc.

According to Cisco documentation, the actual "rejection" happens ONLY when the inbound cor-list does not match the outbound cor-list. Something like this:

Inbound cor-list (key)   Outbound cor-list (lock)   Result
Key1                     Lock1                      Allow
Key1                     No Lock                    Allow
No Key                   Lock1                      Allow
No Key                   No Lock                    Allow
Key1                     Lock2                      Block

So, if the question asks for only two "states" (for example, Phone1 should be able to call only 911 and Local, and Phone2 should be able to call everything), all we need to create is one "key" and one "unmatching lock".

So, the config will shrink to:

dial-peer cor custom
   name pt-loc
   name pt-ld
dial-peer cor list css-loc
   member pt-loc
dial-peer cor list css-ld
   member pt-ld
! no outbound cor-list here: no "lock", so every phone can dial 911
dial-peer voice 911 pots
   destination-pattern 911
! Long Distance carries the "lock"
dial-peer voice 91 pots
   destination-pattern 91[2-9]..[2-9]......
   corlist outgoing css-ld
ephone-dn 1
   number 4001
   cor incoming css-loc
ephone-dn 2
   number 4002
   cor incoming css-ld

So, for example, Phone1 will be able to call 911 (or local) because dial-peer 911 has no "lock". But when it dials Long Distance, the dial-peer has the "lock", and the "key" Phone1 has does not match the lock. However, calls from Phone2 will succeed to any dial-peer because it has no "key" and can do whatever it wants.


UPDATE!!!

Even with a more complex scenario, it is possible to reduce the COR lists to a minimum. For example, the question requires 3 phones to have different levels of access:

Phone1 can dial 911 and Local numbers,
Phone2 can dial 911, Local and Long Distance numbers,
and Phone3 can dial all of the above plus International numbers.

With a "granular approach" we would need to create 6-8 COR-lists and assign them to all devices and dial-peers. However, if we draw a picture of what should be able to dial what, we will see that we can minimize it to 3 cor-lists with a single "partition" in each, and assign them properly:

So, we assign CSS to devices and dial-peers according to the picture, and all conditions are met. Here is how it works:

1. All phones can dial Route1 because it has no "lock" (we assign the 911 dialing pattern here as well).
2. Phone1 cannot call Route2 and Route3 because its CSS does not match their CSS.
3. Phone2 can dial Route2 because its CSS matches the Route's CSS (key = lock).
4. Phone2 cannot call Route3 because its "key" does not match the "lock" on Route3.
5. And Phone3 can dial everywhere because it has no key at all.

 
